The Minimum Viable Product (MVP) for User management interface has been in place for a while and we have received a number of feedback from various sources; TIS Admin Users, Tech debt feedback which arose from investigating tickets, and session with the Product Owner and Data leads. This page captures those feedback and in a suggested prioritised order from the data leads and Product owner.
As a TIS admin with access to User Management I want the non-HEE prefixed roles to be hidden in the UI So That Users cannot be updated/added with those roles and avoid any confusion
If a) not really a user role, but only used by internal services, then should be hidden from the UI as they got nothing to do with actual users.
b) If they can tell that some of those non-HEE roles are actually needed and not already part of the 9 HEE roles, then they need to flag to us, but if they are already part of one of the 9 HEE roles, then they are just duplicating/confusing users, and should really be removed
As a TIS admin I want to have visibility and manage Audits on last logged in, when users are made inactive, when created So That I can report on those in the National Data Warehouse and comply with Information Governance
Given there are no Audits on last logged in, when users are made inactive, when created When those are captured Then I should be able to report on those in the National Data Warehouse
As a TIS admin I want to have the ability to re-activate inactive accounts of different user types (admins, trusts users, trainees etc.) So That I do not have to recreate duplicate accounts on TIS
As a TIS admin I want TIS to have an improved User Experience and User Interface for managing user accounts So That I can manage accounts in a an intuitive and user-friendly way
- Have validations to stop invalid data from being saved into TIS - Improvements around navigations, instead of having to remember and type the URL to .../usermanagement... - User journeys to be prototyped and tested with the users and interatively and incrementally improve with user feedback
As a TIS admin I want Users with access to manage users to be able to manage (view/create/update) other users with same or less permissions than my logged in permissions So That I can ensure permissions are managed in a hierarchical way and I cannot grant myself or others higher level permissions. (E.g. If I have access to manage HEE Admin Users, I should not be able to add a user with HEE TIS Admin role)
7
As a TIS admin I want to have the ability to opt to Multiform Factor Authentication (MFA) So That I have a more secure way of authenticating to TIS from multiple devices and locations
As a TIS admin I want the non-hee roles to be removed from existing accounts So That there is no overlap and confusion over the level of permissions a user has been setup with on TIS
As a TIS Admin in a local office I want users to be able to access trainees by programmes (as per the Programme Admin/Observer role)
And trainees by Trusts (as per the HEE Trust Admin/Observer role) So that a Trust admin who is responsible for the management of trainees both in their trust and in a local office-wide programme can see trainees from a programme and from a trust
Given the Programme Admin/Observer roles conflict with the Trust Admin/Observer role so if a user is attached to both a Programme and Trust role the result is that the user sees no trainees When a user is attached to Programme and Trust role Then they will see the trainees in the programme that they have access to (either in an Admin or Observer capacity) and in the Trust they have access to (either in an Admin or Observer capacity)
As a Product Owner I want to have a definition of the hierarchy of roles to be used for TIS` So That I can ensure accounts permissions can be granted in a cohesive way withouth overlapping roles
5
As a TIS admin I want to have a Post Admin role exclusively for managing posts and post fundings So That posts and fundings are managed in a cohesive way
6
As a TIS admin I want to have our reference data to be taxonomised So That TIS use can be scaled/expanded to other Nations and Staff groups whilst still having the ability to segregate views of the data
As a TIS admin I want TIS to proactively clean accidentally added extra white spaces (leading/trailing/middle extra) when a user enters account information on TIS (usernames, email address) So That clean user accounts are created and maintained in TIS and avoid user confusion when trying to login
As the TIS Dev Team/PO I want to research into a mechanism to be able to use roles in combination to augment users permissions or remove roles to decrease users' permissions (e.g. Programme Admin and Trust Admin) So that we have model for TIS that can be scaled cohesively if new roles come along.
Given the Programme Admin/Observer roles conflict with the Trust Admin/Observer role so if a user is attached to both a Programme and Trust role the result is that the user sees no trainees When a user is attached to Programme and Trust role Then they will see the trainees in the programme that they have access to (either in an Admin or Observer capacity) and in the Trust they have access to (either in an Admin or Observer capacity)
As the TIS Dev Team/PO I want to research into a mechanism for accounts Audits (last logged in, when users are made inactive, when created etc.) So That we are confident to implement a solution for TIS that would be IG compliant
4
As a TIS admin I want accounts to be created in a seamless way without having to juggle between keycloak and User management/Profile Service to ensure that an account has been setup successfully So That we do not end up in partial account creations which has happened on a number of occasions, And avoid putting burden on the dev team and support team to investigate and manually fix accounts